Vulnerability Details: CVE-2021-25489
Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic.
Vulnerability category: Overflow, Input validation
CVE-2021-25489 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name: Samsung Mobile Devices Improper Input Validation Vulnerability
CISA required action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable
CISA description: Samsung mobile devices contain an improper input validation vulnerability within the modem interface driver that results in a format string bug leading to kernel panic.
Notes: https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10
Added on: 2023-06-29
Action due date: 2023-07-20
Exploit prediction scoring system (EPSS) score for CVE-2021-25489
EPSS score: 0.14% (probability of exploitation activity in the next 30 days)
Percentile: ~49% (the proportion of vulnerabilities that are scored at or less)